From 3702c0cc020237f7d97bc42178c23dd0d538e89e Mon Sep 17 00:00:00 2001
From: Brett Bryant <bbryant@digium.com>
Date: Mon, 20 Sep 2010 23:57:08 +0000
Subject: [PATCH] Fix misvalidation of meetme pins in conjunction with the 'a'
 MeetMe flag.

When using the 'a' MeetMe flag and having a user and admin pin setup for your
conference, using the user pin would gain you admin priviledges. Also, when no
user pin was set, an admin pin was, the 'a' MeetMe flag wasn't used, and the
user tried to enter a conference then they were still prompted for a pin and
forced to hit #.

(closes issue #17908)
Reported by: kuj
Patches:
      pins_2.patch uploaded by kuj (license 1111)
      Tested by: kuj

      Review: [full review board URL with trailing slash]


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@287758 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 apps/app_meetme.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/apps/app_meetme.c b/apps/app_meetme.c
index 111977beb5..28237d9e42 100644
--- a/apps/app_meetme.c
+++ b/apps/app_meetme.c
@@ -2941,9 +2941,13 @@ static int conf_exec(struct ast_channel *chan, void *data)
 				if (allowretry)
 					confno[0] = '\0';
 			} else {
-				if (((!ast_strlen_zero(cnf->pin) &&
-				    !ast_test_flag(&confflags, CONFFLAG_ADMIN)) ||
-				    !ast_strlen_zero(cnf->pinadmin)) &&
+				if (((!ast_strlen_zero(cnf->pin)       &&
+					!ast_test_flag(&confflags, CONFFLAG_ADMIN)) ||
+				     (!ast_strlen_zero(cnf->pinadmin)  &&
+				     	 ast_test_flag(&confflags, CONFFLAG_ADMIN)) ||
+			    	     (!ast_strlen_zero(cnf->pin) &&
+			    	     	 ast_strlen_zero(cnf->pinadmin) &&
+			    	     	 ast_test_flag(&confflags, CONFFLAG_ADMIN))) &&
 				    (!(cnf->users == 0 && cnf->isdynamic))) {
 					char pin[MAX_PIN] = "";
 					int j;
@@ -2958,9 +2962,11 @@ static int conf_exec(struct ast_channel *chan, void *data)
 							res = ast_app_getdata(chan, "conf-getpin", pin + strlen(pin), sizeof(pin) - 1 - strlen(pin), 0);
 						}
 						if (res >= 0) {
-							if (!strcasecmp(pin, cnf->pin) ||
-							    (!ast_strlen_zero(cnf->pinadmin) &&
-							     !strcasecmp(pin, cnf->pinadmin))) {
+							if ((!strcasecmp(pin, cnf->pin) &&
+							     (ast_strlen_zero(cnf->pinadmin) ||
+							      !ast_test_flag(&confflags, CONFFLAG_ADMIN))) ||
+							     (!ast_strlen_zero(cnf->pinadmin) &&
+							      !strcasecmp(pin, cnf->pinadmin))) {
 								/* Pin correct */
 								allowretry = 0;
 								if (!ast_strlen_zero(cnf->pinadmin) && !strcasecmp(pin, cnf->pinadmin)) 
-- 
2.47.3